YoVDO

Oracle Data Redaction is Broken

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Data Protection Courses Data Encryption Courses PCI Compliance Courses

Course Description

Overview

Explore the vulnerabilities in Oracle's data redaction service, introduced in Oracle 12c, through this Black Hat conference talk. Learn how the service, designed to protect sensitive data like PII, can be bypassed by attackers, potentially leading to privilege escalation. Delve into the history of Oracle security issues, examine the implementation flaws, and discover multiple attack vectors that compromise the redaction feature. Understand the implications for PCI compliance and data encryption. Compare Oracle's approach to Microsoft's, and gain insights into Oracle's internal processes and documentation practices. Discover practical strategies to protect against these vulnerabilities and critically evaluate the effectiveness of Oracle's data redaction service in real-world scenarios.

Syllabus

Introduction
Who am I
History
Launching External Procedures
Oracles Fix
Backend Bypass
Patches
Oracle vs Microsoft
Oracle Data Redaction
Why Redaction
How it works
XML query vulnerability
Updating a column
Brute force
Common Criteria
Protection Profile
Data is not changed
Is it useful
PCI compliance
Data encryption
How do I protect against this
Oracles internal processes
Its not rocket science
No documentation
Oracle Fusion Media Pack


Taught by

Black Hat

Related Courses

Learning Security Frameworks
LinkedIn Learning
WordPress: Ecommerce
LinkedIn Learning
Learning Secure Payments and PCI
LinkedIn Learning
Encryption and Masking for Sensitive Apache Spark Analytics Addressing CCPA and Governance
Databricks via YouTube
Cyber Insurance - What Makes a Good Fit for You
nullcon via YouTube